ALB Ingress controller ACM issues.

I have created an ALB ingress controller following the document below.

https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html

Now I have deployed the application and services, and applied the ingress rules.

apiVersion: v1
kind: Service
metadata:
  namespace: demo-app-upgrade
  name: demo-app-service
spec:
  ports:
    - port: 443
      targetPort: 8082
      protocol: TCP
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: demo-app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: demo-app-upgrade
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: certificate-arn
spec:    
  ingressClassName: alb
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: demo-app-service
              port:
                number: 443

Now if I try to hit my LB URL, it is not recognizing the certificate.

kubectl get ingress/dud-ingress -n dud-app-upgrade
NAME          CLASS   HOSTS   ADDRESS                                                                   PORTS   AGE
dud-ingress   alb     *                url                                                                                     80      10m

I don't understand why ports is showing as 80 here.

asked 10 months ago, 835 views
1 Answer
From your setup, it seems like the port is showing as 80 because you haven't set up the SSL redirection correctly. SSL redirection from HTTP (80) to HTTPS (443) needs to be set explicitly in the AWS ALB Ingress Controller setup.

You can use the alb.ingress.kubernetes.io/actions.ssl-redirect annotation to configure an SSL redirection, so that all traffic coming over port 80 will be redirected to 443.

Here is an example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: demo-app-upgrade
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: certificate-arn
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
spec:
  ingressClassName: alb
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ssl-redirect
            port:
              name: use-annotation
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-app-service
            port:
              number: 443

In this example, an SSL redirection is configured using the alb.ingress.kubernetes.io/actions.ssl-redirect annotation. A separate path is created to handle the redirection. All traffic coming over port 80 will be redirected to 443 using HTTP status code 301 (Permanent Redirect).

Remember to replace certificate-arn with your actual certificate ARN from ACM (Amazon Certificate Manager).

Additionally, ensure the ACM certificate is in the same region as your EKS cluster and the certificate is valid. If you are using a custom domain, make sure that the DNS is set correctly to point to the load balancer's address. Also, ensure your security group rules allow traffic on port 443.

If my answer was helpful please don't forget to upvote and click on "Accept Answer". Thank you!

answered 10 months ago
reviewed 10 months ago
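
The points raised in the answer (a real ACM ARN in place of the `certificate-arn` placeholder, a certificate in the cluster's region, an HTTPS listener, an HTTP-to-HTTPS redirect) can be checked against an Ingress's annotations before it is applied. This is an added example, not part of the original post or of the AWS Load Balancer Controller: `lint_alb_tls`, the region `us-east-1` and the sample ARN are constructed for illustration, and the `listen-ports` and `ssl-redirect` annotations it reads are controller annotations that do not appear in the post.

```python
import json
import re

PREFIX = "alb.ingress.kubernetes.io/"
# arn:<partition>:acm:<region>:<12-digit account>:certificate/<uuid>
ACM_ARN = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]{36}$")


def lint_alb_tls(annotations, cluster_region):
    """Return findings for the TLS-related annotations of one ALB Ingress."""
    findings = []
    raw_arns = annotations.get(PREFIX + "certificate-arn", "")
    arns = [a.strip() for a in raw_arns.split(",") if a.strip()]
    for arn in arns:
        match = ACM_ARN.match(arn)
        if not match:
            findings.append(f"certificate-arn {arn!r} is not an ACM certificate ARN")
        elif match.group(1) != cluster_region:
            findings.append(f"certificate region {match.group(1)} != {cluster_region}")

    # Without listen-ports the controller defaults to HTTPS:443 when a
    # certificate-arn is set, and to HTTP:80 otherwise.
    raw_ports = annotations.get(PREFIX + "listen-ports")
    if raw_ports is None:
        listeners = [{"HTTPS": 443}] if arns else [{"HTTP": 80}]
    else:
        listeners = json.loads(raw_ports)
    protocols = {proto for entry in listeners for proto in entry}

    if "HTTPS" not in protocols:
        findings.append("no HTTPS listener, traffic is served in cleartext")
    # Simplification: the presence of either redirect annotation is accepted;
    # actions.ssl-redirect also has to be referenced by a rule to take effect.
    has_redirect = any(PREFIX + key in annotations
                       for key in ("ssl-redirect", "actions.ssl-redirect"))
    if {"HTTP", "HTTPS"} <= protocols and not has_redirect:
        findings.append("HTTP listener is not redirected to HTTPS")
    return findings


# Annotations as posted in the question (certificate-arn left as a placeholder).
QUESTION = {PREFIX + "scheme": "internet-facing", PREFIX + "target-type": "ip",
            PREFIX + "certificate-arn": "certificate-arn"}
# Constructed sample: certificate in another region, both listeners, no redirect.
CONSTRUCTED_ARN = ("arn:aws:acm:eu-west-1:111122223333:"
                   "certificate/12345678-1234-1234-1234-123456789012")
MISMATCH = {PREFIX + "certificate-arn": CONSTRUCTED_ARN,
            PREFIX + "listen-ports": '[{"HTTP": 80}, {"HTTPS": 443}]'}
```

Calling `lint_alb_tls(QUESTION, "us-east-1")` flags the placeholder ARN, and `lint_alb_tls(MISMATCH, "us-east-1")` flags both the region mismatch and the missing redirect.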
